package io.github.wppli.webcocket.config;

import io.github.wppli.webcocket.interceptor.StompChannelInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry;
import org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer;
import org.springframework.security.messaging.web.csrf.CsrfChannelInterceptor;
import org.springframework.web.socket.config.annotation.EnableWebSocket;

@Configuration
@EnableWebSocket
public class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {

    @Override
    protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
        messages
                /*表示对于匹配到的这些目的地的消息，发送者必须是经过身份验证的用户。
                这意味着只有登录用户才能向以 /app/ 开头的目的地发送消息。*/
            .simpDestMatchers("/app/**").permitAll()
                /* 表示只有经过身份验证的用户才能订阅以 /user/ 开头的目的地。*/
            .simpSubscribeDestMatchers("/user/**").permitAll()
                .anyMessage().permitAll();
    }



    @Override
    protected boolean sameOriginDisabled() {
        return true; // 允许跨域
    }


    @Override
    public CsrfChannelInterceptor csrfChannelInterceptor() {
        return null; // 禁用CSRF保护
    }

}